Microsoft Freed More Than 2 Million PCs from Massive Botnet

Microsoft this week revealed that its recent efforts to disrupt the Citadel botnet were successful, with more than 2 million PCs freed from the clutches of malicious hackers. The botnet is responsible for over $500 million in damages, mostly through the use of keystroke recorders that helped the hackers gain access to users’ banking and other online account information.

“We definitely have liberated at least 2 million PCs globally,” Richard Boscovich, assistant general counsel with Microsoft's Digital Crimes Unit, told Reuters this week. “That is a conservative estimate.” Most of those machines are in the United States, Europe, and Hong Kong, which map to the top three locales affected by the botnet.

At its peak, Citadel consisted of about 1,400 separate computer networks, called botnets, that controlled infected PCs remotely. The malicious software was distributed electronically and bundled with pirated versions of Windows, Microsoft said. The malware disabled antivirus software so that the infected PC was left open to remote control. In disrupting the botnet, Microsoft and more than 80 law enforcement agencies essentially severed the connections between the botnets and those PCs.

“It was a very, very successful disruptive action,” Boscovich said. “We feel confident that we really got most of the ones that we were after.”

Boscovich also fingered the ringleader of the botnet for the first time, an “eastern European” who goes by the alias Aquabox. Aquabox and dozens of other botnet operators remain at large, and law enforcement is working to uncover their true identities and locate them.